Mankind began its journey in the jungles and then survived through Stone Age, Iron Age, Bronze Age, rapid industrialization and currently, the age of information technology. All these years, as the mankind progressed, the kind of crimes prevalent in the society also kept mutating.
In the age of Information Technology, all the information and data are first transformed into simple digits 0 & 1 and then processed or transported to different locations using some kind of medium, wired or wireless. During the storage and transportation of this data, it becomes totally vulnerable to attacks from delinquent individuals. There is continuous risk of attempted pilferage of sensitive information, such as personal and financial details of the customers or clients, by an individual/group of individuals. The sudden increase in cases of cybercrime and crimes under IT Act 2011 is testimony to this scenario. The companies operating in IT Enabled Services (ITES) space are finding it increasingly difficult to protect their sensitive data from daily attacks from obscure hackers sitting at a remote location in another part of the world.
International Standards Organization (ISO)
International Standards Organization, headquartered at Geneva, Switzerland, came into existence on 23rd February, 1947 to facilitate the international coordination and unification of industrial standards. It is an independent, non-governmental international organization with a membership of 161 National Standard Authorities of different countries. The principal mandate of ISO is to research, develop and implement world-class specifications for products, services and systems, to ensure quality, safety and efficiency at any place in any country of the world. ISO has developed and published 22104 International Standards which are applicable to every industry, such as information technology, food safety, agriculture, manufacturing and healthcare.
Information Security Management Systems (ISMS ISO 27001)
An Information Security Management Systems (ISMS) is a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process. Information Security Management Systems is a certification, developed by International Standards Organization (ISO), for Information Technology individuals/corporate to make them compliant with the latest IT regulations. ISMS describe and establish the requirements for implementation, maintenance and continuous improvement of information security management system for any and all organizations. It also includes requirements for the assessment and treatment of risks associated with information security customized to the needs of the organization. The other certifications in this category are 27001:2014 and 27001:2015. These certifications pave the way for an entity to effectively manage the security of assets such as financial information, intellectual property, employee details or information entrusted to it by third parties’ clients and customers.